Technical Information
- Per-user autorun entry (Run key): [<HKCU>\software\microsoft\windows\currentversion\run] 'fmgAkYwo.exe' = '%HOMEPATH%\MgoUgYYU\fmgAkYwo.exe'
- [<HKLM>\System\CurrentControlSet\Services\CIkIMISW] 'Start' = '00000002' (service start type 2 = automatic start)
- [<HKLM>\System\CurrentControlSet\Services\CIkIMISW] 'ImagePath' = '%ALLUSERSPROFILE%\viowsQsQ\posAYQwA.exe'
- Service 'CIkIMISW', image path: %ALLUSERSPROFILE%\viowsQsQ\posAYQwA.exe
- %HOMEPATH%\mgougyyu\fmgakywo
- %ALLUSERSPROFILE%\wucwykwq\osiswmcy
- %HOMEPATH%\mgougyyu\fmgakywo.exe
- %ALLUSERSPROFILE%\viowsqsq\posayqwa.exe
- %ALLUSERSPROFILE%\ekyq.txt
- %WINDIR%\syswow64\config\systemprofile\mgougyyu\fmgakywo
- <Current directory>\dues.exe
- <Current directory>\myaa.exe
- <Current directory>\jick.exe
- <Current directory>\yyca.exe
- <Current directory>\sqwo.exe
- <Current directory>\dues.exe
- <Current directory>\myaa.exe
- <Current directory>\jick.exe
- <Current directory>\yyca.exe
- <Current directory>\sqwo.exe
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com
- ClassName: '' WindowName: 'OSIswMcY.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\mgougyyu\fmgakywo.exe'
- '%ALLUSERSPROFILE%\viowsqsq\posayqwa.exe'